[nylug-talk] are we about to lose something?

R. Mariotti
Mon Nov 6 10:54:10 EST 2006 

Gary Mort wrote:
> Kevin Mark wrote:
>> As a comparison, Microsoft made its smb, cifs, etc. technology.  Linux
>> was born and started to seek interoperability. Like the 'fair use' of
>> old, we didn't ask permission, secure a licence or pay royalties.  Why?
>> Because they methods that we used were allowed.
>>
>> Now, Novell is seeking to get permisson to stuff from Microsoft to help
>> them interoperate. None of it can be under a FLOSS license. So it does
>> not contribute to the FLOSS collective. Sure Novell can use it for their
>> advantage, but its worthless to us.   
> 
> 
> Correction IBM created smb file sharing.  
> http://en.wikipedia.org/wiki/Server_Message_Block
> 
> Microsoft and IBM extended it through their joint developement of the 
> OS/2 operating system(very similiar to how Novell and Microsoft plan to 
> be working together)
> 
> Microsoft then took the technologies developed there and extended them 
> further, adding various encryption routines as it was discovered that 
> sending clear text passwords over networks was not a good idea.
> 
> Even today, you can turn off that password encryption functionality in 
> all the derivatives of SMB and run them with complete interoperability.
> 
> The problem comes into play with the encryption routing Microsoft uses.
> 
> Now, you say that Novell's joint partnership won't provide us with 
> anything.  I disagree.  SAMBA servers on Linux have reached a point of 
> diminishing returns.  There are some passwords that Windows clients when 
> they encrypt them don't match the encrypted passwords the Linux SAMBA 
> server has on file.
> 
> With this partnership, I'll assume some Samba developer will be 
> interested in getting Samba completely working for Novell.  So he will 
> go out and look at the source code and discover why it doesn't work.
> 
> Possibly, the problem is that Microsoft windows doesn't actually encrypt 
> certain combinations of passwords.  Special charectors might get 
> replaced with some other charector - making for a weaker password 
> system.  Or maybe they truncate the passwords, so "thisisalongpassword" 
> and "thisisalongerpassword" would both be truncated to "thisisalong" and 
> then encrypted.  If it is something like this, he can make a fix for 
> Novell, announce how the fix works, raise the security concern and the 
> Samba community can decide whether to sacrifice security to implement 
> the same fix in open source product.   Open Source gains.
> 
> Possibly, the problem is that Microsoft windows uses a slightly 
> different encryption algorythm.  So Novell Samba is born which supports 
> this different algorythm.  In this case, since the algorythm is owned by 
> Microsoft, we have a fork of Samba.  Those who want to use it will be 
> stuck with Novell's Linux.  5 years down the road, the partnetship 
> dissolves, Microsoft pulls their normal routine on Novell.  Novell, in 
> return can say "well, all those technologies we jointly developed we 
> both have joint ownership of.  So Novell will release ours for anyone to 
> use for free."  And the Samba community can now use Novell's free 
> license to incorporate the technology into the Open Source version.  
> Again we win.
> 
> Alternatively, perhaps the Samba community will look at what is being 
> done and say "this whole password encryption routine would be more 
> secure if we did X" and provide an implementation for Samba.  Novell can 
> incorporate it for their systems.  Microsoft can incorporate it for 
> theirs, and we all get to interoperate.
> 
> -Gary
> _____________________________________________________________________________ 
> 
> Hire expert Linux talent by posting jobs here :: http://jobs.nylug.org
> The nylug-talk mailing list is at nylug-talk at nylug.org
> The list archive is at http://nylug.org/pipermail/nylug-talk
> To subscribe or unsubscribe: http://nylug.org/mailman/listinfo/nylug-talk


Having been actively in this industry since BEFORE M$ I have experienced 
what EVERY relationship M$ has entered has become.  As a previous poster 
stated - the "new ground" Novell is breaking is their grave.  I whole 
heartedly AGREE!

Remember the "Little Red Ridinghood" story.  In this case M$ will be the 
WOLF in gradma's clothing (er' Novell's corporate polo shirt)!

I really am not a skeptical person overall, but I can't see this 
arrangement providing ANY long-term gain for anyone but M$ and 
especially not the consumer.  And I AM a long time die hard linux advocate.

bobmct

More information about the nylug-talk mailing list